PT-2018-1430 · Linux+7 · Linux Kernel+7

Published 2018-06-08 · Updated 2020-09-18 · CVE-2018-5390

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 4.9 and later

Description

The issue is in the functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() in the Linux kernel and can be exploited to cause a denial of service. An attacker who sends specially crafted packets can force the kernel to make expensive calls to these functions for every incoming packet, leading to resource exhaustion. The vulnerability affects TCP connections and exploits the worst-case algorithmic complexity of TCP stream reassembly in Linux kernels.

Recommendations

For Linux kernel versions 4.9 and later, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider implementing network traffic filtering to restrict the impact of specially crafted packets on the system. Restrict access to the system to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability for Check Point GAiA and Huawei VRP.
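
While the update is pending, the kernel's own TcpExt counters in /proc/net/netstat show how often the receive-queue prune and collapse paths named in the description are being taken. The following is an added example, not part of the original advisory: it diffs two snapshots and reports the counters whose rate is unusually high. The snapshots are constructed, and the 100 events/s threshold and the function names are assumptions to tune per host; a high rate indicates receive-queue memory pressure and is a reason to investigate, not proof of an attack.

```python
# TcpExt counters bumped when the kernel prunes or collapses receive queues.
WATCHED = ("PruneCalled", "OfoPruned", "TCPRcvCollapsed", "TCPOFOQueue")

def parse_netstat(text):
    """Parse /proc/net/netstat text into {"TcpExt": {name: int}, ...}."""
    tables = {}
    lines = [ln for ln in text.splitlines() if ln.strip()]
    # The file is a sequence of (header line, value line) pairs per table.
    for header, values in zip(lines[0::2], lines[1::2]):
        prefix, names = header.split(":", 1)
        vprefix, nums = values.split(":", 1)
        if prefix != vprefix:
            raise ValueError(f"header/value mismatch: {prefix} vs {vprefix}")
        tables[prefix] = dict(zip(names.split(), map(int, nums.split())))
    return tables

def ofo_pressure(before, after, interval_s, threshold_per_s=100):
    """Return {counter: events/s} for watched counters above the threshold.

    threshold_per_s is an assumed starting point, not a kernel constant.
    """
    b = parse_netstat(before).get("TcpExt", {})
    a = parse_netstat(after).get("TcpExt", {})
    alerts = {}
    for name in WATCHED:
        if name in a and name in b:
            rate = (a[name] - b[name]) / interval_s
            if rate > threshold_per_s:  # negative deltas (reset) are ignored
                alerts[name] = rate
    return alerts

# Constructed snapshots taken 10 seconds apart (not real host data).
SAMPLE_T0 = """\
TcpExt: SyncookiesSent PruneCalled OfoPruned TCPRcvCollapsed TCPOFOQueue TCPOFOMerge
TcpExt: 0 12 3 40 1500 2
IpExt: InOctets OutOctets
IpExt: 1000 2000
"""
SAMPLE_T1 = """\
TcpExt: SyncookiesSent PruneCalled OfoPruned TCPRcvCollapsed TCPOFOQueue TCPOFOMerge
TcpExt: 0 9012 4503 250040 1800 2
IpExt: InOctets OutOctets
IpExt: 5000 2500
"""

if __name__ == "__main__":
    for name, rate in ofo_pressure(SAMPLE_T0, SAMPLE_T1, 10).items():
        print(f"{name}: {rate:.0f}/s")
```

On a live host, read /proc/net/netstat twice with a known interval and pass both strings to ofo_pressure().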

Exploit · Fix · DoS · Resource Exhaustion


Weakness Enumeration

Related Identifiers

ALT-PU-2018-2192
ALT-PU-2018-2210
ALT-PU-2019-1433
BDU:2018-00979
CESA-2018_2384
CESA-2018_2390
CVE-2018-5390
DLA-1466-1
DSA-4266-1
MGASA-2018-0337
MGASA-2018-0340
MGASA-2018-0341
OPENSUSE-SU-2018_2242-1
OPENSUSE-SU-2018_2404-1
RHSA-2018:2384
RHSA-2018:2390
RHSA-2018:2395
RHSA-2018:2402
RHSA-2018:2403
RHSA-2018:2645
RHSA-2018:2776
RHSA-2018:2785
RHSA-2018:2789
RHSA-2018:2790
RHSA-2018:2791
RHSA-2018:2924
RHSA-2018:2933
RHSA-2018:2948
RHSA-2018_2384
RHSA-2018_2390
RHSA-2018_2395
SUSE-SU-2018:2222-1
SUSE-SU-2018:2223-1
SUSE-SU-2018:2328-1
SUSE-SU-2018:2344-1
SUSE-SU-2018:2344-2
SUSE-SU-2018:2374-1
SUSE-SU-2018:2472-1
SUSE-SU-2018:2474-1
SUSE-SU-2018:2596-1
SUSE-SU-2018:2787-1
SUSE-SU-2018:2860-1
SUSE-SU-2018:2864-1
SUSE-SU-2018:2960-1
SUSE-SU-2018:2961-1
SUSE-SU-2018:2962-1
SUSE-SU-2018:2963-1
SUSE-SU-2018:3029-1
SUSE-SU-2018:3172-1
SUSE-SU-2018:3265-1
SUSE-SU-2018:3328-1
SUSE-SU-2018:3470-1
SUSE-SU-2018:3789-1
SUSE-SU-2019:0955-1
SUSE-SU-2019:14127-1
SUSE-SU-2019:1425-1
SUSE-SU-2019:1767-1
SUSE-SU-2019:1870-1
SUSE-SU-2019:2230-1
SUSE-SU-2019:2601-1
SUSE-SU-2019:2821-1
SUSE-SU-2019_0955-1
SUSE-SU-2019_14127-1
SUSE-SU-2019_1425-1
SUSE-SU-2019_1767-1
SUSE-SU-2019_2230-1
SUSE-SU-2019_2601-1
USN-3732-1
USN-3732-2
USN-3741-1
USN-3741-2
USN-3741-3
USN-3742-1
USN-3742-2
USN-3763-1

Affected Products

ALT Linux
CentOS
Check Point Gaia
Huawei VRP
Linux Kernel
Red Hat
SUSE
Ubuntu